Find a Question:

Kaspersky Lab discovered important points of weakness in the commonly used energy equipment

Jun

24

2016

Services Kaspersky Lab points team discovered the weakness of the task during a security assessment for a customer in the infrastructure sector, so that the weak point CVE-2016-4785 can allow any attacker to obtain a limited amount of device memory content of the vectors of power protection devices. Have been reported weaknesses to Siemens, which supplied these devices, it has been repaired.

He had discovered a weakness in the unit private network protection with Siemens Sportak 4 tankers (SIPROTEC 4) – a device used widely in the energy sector to protect the network against short circuit and loads of hazardous energy. Since any successful attack through this weak point might be the attacker to read some of the device’s memory content remotely through this module, you can use this information to carry out more attacks.

Siemens has confirmed the presence of weakness and issued a circular contains useful instructions related to the mitigation of impacts and update. Kaspersky Lab also urges any security experts working in organizations that use this type of device, to pay close attention to the popularization and follow its recommendations.

Says Sergei Geordichec, deputy director of services at Kaspersky Lab: “The finding such weaknesses are not essential and our job, but experience has shown us that when we take the security assessment procedures, it is certain that we will find something.”

Georichec He added: “The end-user products with vulnerabilities there are usually related to the same point of weakness, and remain vulnerable to attack even if it were to organize other parts of the infrastructure for information technology has been well tuned to a certain extent.”

He continued: “For these reasons, it is our responsibility to inform all security weakness found during our daily work points. This is a key part of our contribution to societal security. We would also like to thank the ICS CERT to coordinate the disclosure of such weakness, and Siemens to the speed of reaction to the news. ”

Kaspersky Lab experts also revealed during the past 12 months more than 20 points twice in the hardware and various software products: from consumer devices to industrial control systems and routers vehicles and railways.

It is noteworthy that found potential weaknesses in the field of information technology or industrial infrastructure is a key advantage of services penetration testing and evaluation of security, which are offered under the umbrella of intelligence Kaspersky security services.

These services also include a variety of products that are designed to quickly provide security expertise for businesses: security training, digital forensic analysis, data threats and reports of intelligence reports. Where these services help companies to support all key aspects of e – strategies flexibility, including the prevention of threats, investigate and respond to attacks and unpredictable, as can be found on more information about the Security Intelligence Service visited the site of Kaspersky Lab .